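Zabbix Server 4.0: Monitoring the 12 TCP States

                                           Author: 尹正傑

Copyright notice: original work, reproduction is not permitted! Violators will be held legally liable.

  Most of us are familiar with the TCP three-way handshake. During a DoS attack, the client sends a SYN to the server and the server answers with SYN+ACK, but the client then never returns the ACK. (In a normal handshake the client replies with an ACK, the handshake completes and the server-side connection enters the ESTABLISHED state; readers unfamiliar with this can look it up.) As a result, the server accumulates connections in the SYN-RCVD state (shown by netstat as SYN_RECV). Monitoring TCP connection counts is therefore well worth doing: when the SYN-RCVD count is unusually high, we can suspect that the service is abnormal and needs manual intervention. Next, let's see how Zabbix monitors the 11 TCP states.
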

I. TCP state primer

1>. The three-way handshake

   Reference: https://baike.baidu.com/item/%E4%B8%89%E6%AC%A1%E6%8F%A1%E6%89%8B/5111559?fr=aladdin

2>. Viewing TCP states with the netstat command

ESTABLISHED
SYN_SENT
SYN_RECV
FIN_WAIT1
FIN_WAIT2
TIME_WAIT
CLOSE
CLOSE_WAIT
LAST_ACK
LISTEN
CLOSING
UNKNOWN 
The 12 TCP states

3>. Checking the count of one TCP state on the server from the command line

[root@node102.yinzhengjie.org.cn ~]# netstat -ant | grep -c LISTEN
4
[root@node102.yinzhengjie.org.cn ~]# 

II. Monitoring TCP states with Zabbix using a custom template

1>. Define a custom key on the Zabbix agent and restart the service

[root@node102.yinzhengjie.org.cn ~]# cat /etc/zabbix/zabbix_agentd.d/TCP_STATUS.conf 
UserParameter=TCP_STATUS[*],netstat -ant | grep -c $1
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]# systemctl restart zabbix-agent
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]# systemctl status zabbix-agent
● zabbix-agent.service - Zabbix Agent
   Loaded: loaded (/usr/lib/systemd/system/zabbix-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2019-05-07 07:53:16 PDT; 4s ago
  Process: 9416 ExecStop=/bin/kill -SIGTERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 9419 ExecStart=/usr/sbin/zabbix_agentd -c $CONFFILE (code=exited, status=0/SUCCESS)
 Main PID: 9422 (zabbix_agentd)
   CGroup: /system.slice/zabbix-agent.service
           ├─9422 /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
           ├─9423 /usr/sbin/zabbix_agentd: collector [idle 1 sec]
           ├─9424 /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
           ├─9425 /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
           ├─9426 /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
           └─9427 /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]

May 07 07:53:16 node102.yinzhengjie.org.cn systemd[1]: Starting Zabbix Agent...
May 07 07:53:16 node102.yinzhengjie.org.cn systemd[1]: PID file /run/zabbix/zabbix_agentd.pid not readable (yet?) after start.
May 07 07:53:16 node102.yinzhengjie.org.cn systemd[1]: Started Zabbix Agent.
[root@node102.yinzhengjie.org.cn ~]# 

2>. Verify from the server that the agent's custom key works

[root@node101.yinzhengjie.org.cn ~]# yum -y install zabbix-get
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
epel/x86_64/metalink                                                                                                                                                                                       | 6.0 kB  00:00:00     
 * base: mirrors.aliyun.com
 * epel: mirrors.tuna.tsinghua.edu.cn
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
base                                                                                                                                                                                                       | 3.6 kB  00:00:00     
epel                                                                                                                                                                                                       | 4.7 kB  00:00:00     
extras                                                                                                                                                                                                     | 3.4 kB  00:00:00     
mysql-connectors-community                                                                                                                                                                                 | 2.5 kB  00:00:00     
mysql-tools-community                                                                                                                                                                                      | 2.5 kB  00:00:00     
mysql56-community                                                                                                                                                                                          | 2.5 kB  00:00:00     
updates                                                                                                                                                                                                    | 3.4 kB  00:00:00     
zabbix                                                                                                                                                                                                     | 2.9 kB  00:00:00     
zabbix-non-supported                                                                                                                                                                                       |  951 B  00:00:00     
(1/5): extras/7/x86_64/primary_db                                                                                                                                                                          | 201 kB  00:00:00     
epel/x86_64/primary_db         FAILED                                          
https://mirrors.tuna.tsinghua.edu.cn/epel/7/x86_64/repodata/b46e7947260ac0114fc1b48c782d12377659fe2b8f565a55bcab0cf98b124aa1-primary.sqlite.bz2: [Errno 14] HTTPS Error 404 - Not Found         ]  0.0 B/s |    0 B  --:--:-- ETA 
Trying other mirror.
To address this issue please refer to the below wiki article 

https://wiki.centos.org/yum-errors

If above article doesn't help to resolve this issue please use https://bugs.centos.org/.

(2/5): mysql-tools-community/x86_64/primary_db                                                                                                                                                             |  58 kB  00:00:00     
(3/5): epel/x86_64/updateinfo                                                                                                                                                                              | 994 kB  00:00:01     
(4/5): updates/7/x86_64/primary_db                                                                                                                                                                         | 4.2 MB  00:00:01     
(5/5): epel/x86_64/primary_db                                                                                                                                                                              | 6.7 MB  00:00:04     
Resolving Dependencies
--> Running transaction check
---> Package zabbix-get.x86_64 0:4.0.7-1.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================================================================================================================================================================================
 Package                                                 Arch                                                Version                                                    Repository                                           Size
==================================================================================================================================================================================================================================
Installing:
 zabbix-get                                              x86_64                                              4.0.7-1.el7                                                zabbix                                              282 k

Transaction Summary
==================================================================================================================================================================================================================================
Install  1 Package

Total download size: 282 k
Installed size: 1.1 M
Downloading packages:
zabbix-get-4.0.7-1.el7.x86_64.rpm                                                                                                                                                                          | 282 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : zabbix-get-4.0.7-1.el7.x86_64                                                                                                                                                                                  1/1 
  Verifying  : zabbix-get-4.0.7-1.el7.x86_64                                                                                                                                                                                  1/1 

Installed:
  zabbix-get.x86_64 0:4.0.7-1.el7                                                                                                                                                                                                 

Complete!
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# zabbix_get -s node102.yinzhengjie.org.cn -k TCP_STATUS[LISTEN]          # Note: the value is collected on the agent host as the zabbix user. Some commands need root privileges to run, so command permissions must be taken into account!
4
[root@node101.yinzhengjie.org.cn ~]# 
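
The `TCP_STATUS[*]` key defined in step 1 and checked with zabbix_get in step 2 counts lines with `grep -c`, which matches substrings, so `TCP_STATUS[CLOSE]` also counts CLOSE_WAIT sockets. The following is an added example, not part of the original article: a shell helper that counts one exact state and accepts only the 12 names listed earlier. The script path in the comment and the sample netstat output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: exact-match TCP state counter for a Zabbix UserParameter.
# Hypothetical wiring (the script path is an assumption, not from the article):
#   UserParameter=TCP_STATUS[*],netstat -ant | /etc/zabbix/scripts/tcp_state.sh "$1"

# The 12 state names netstat can print, as listed in the article.
TCP_STATES="ESTABLISHED SYN_SENT SYN_RECV FIN_WAIT1 FIN_WAIT2 TIME_WAIT CLOSE CLOSE_WAIT LAST_ACK LISTEN CLOSING UNKNOWN"

# tcp_state_count STATE
# Reads `netstat -ant` output on stdin and prints how many TCP sockets are in
# exactly STATE. Anything not on the allowlist is refused (exit status 2).
tcp_state_count() {
    wanted=$1
    known=no
    for s in $TCP_STATES; do
        if [ "$s" = "$wanted" ]; then known=yes; fi
    done
    if [ "$known" != yes ]; then
        echo "unsupported TCP state" >&2
        return 2
    fi
    # Field 6 is the State column; compare the whole field, not a substring,
    # so CLOSE does not also count CLOSE_WAIT the way `grep -c CLOSE` does.
    awk -v s="$wanted" '$1 ~ /^tcp/ && $6 == s { c++ } END { print c + 0 }'
}

# Constructed sample of `netstat -ant` output (documentation addresses only).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:10050           0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:40001       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.6:40002       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:40003       SYN_RECV
tcp        1      0 192.0.2.10:80           198.51.100.9:38212      CLOSE_WAIT
tcp        1      0 192.0.2.10:80           198.51.100.9:38214      CLOSE_WAIT
tcp        0      0 192.0.2.10:80           198.51.100.8:45120      TIME_WAIT
EOF
}

# When run with an argument, act as the UserParameter command: count on stdin.
if [ "$#" -gt 0 ]; then tcp_state_count "$1"; fi
```

Keep `UnsafeUserParameters` at its default of 0 in zabbix_agentd.conf so the agent rejects shell metacharacters in the key argument before the command runs.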

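3>. Create a template in the Zabbix web interface

4>. Fill in the parameters and add the template

5>. Template added successfully

6>. Add monitoring items (items) to the template

7>. Monitor the ESTABLISHED state

8>. Clone the item above to monitor the other 11 states

9>. All 12 TCP states are now covered

III. Using the custom template

1>. Configure monitoring for the host

2>. Link our custom template

3>. Customize the Zabbix items

4>. Reload the configuration and check the latest data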

[root@node101.yinzhengjie.org.cn ~]# zabbix_server -R config_cache_reload                # Reload the configuration on the Zabbix server
zabbix_server [10628]: command sent successfully
[root@node101.yinzhengjie.org.cn ~]# 

